Attackers trick GoDaddy staff into helping them take down cryptocurrency sites



About a year after a data breach at GoDaddy affecting 28,000 customer accounts, the world’s largest internet domain registrar is once again at the center of a security scandal. Hackers have taken down several cryptocurrency services using GoDaddy domains in recent weeks, and apparently company staff have unknowingly aided in these attacks.

Hackers allegedly tricked GoDaddy employees into handing over the reins of web domains for various cryptocurrency services, then used those permissions to make unauthorized changes and take down the sites, according to a report from the cybersecurity blog Krebs on Security on Saturday. While it is not known how many companies fell for this scam, cryptocurrency trading platform Liquid and mining service NiceHash discovered attacks within days of each other.

“On the 13th of November 2020, a domain hosting provider, ‘GoDaddy’, managing one of our major domain names improperly transferred account and domain control to a malicious actor,” Liquid CEO Mike Kayamori said in a blog post Wednesday. “This gave the actor the ability to change DNS records and, in turn, take control of various internal email accounts. In due time, the malicious actor was able to partially compromise our infrastructure and gain access to document storage.”

NiceHash published a blog post on Tuesday warning users that it had discovered several unauthorized changes in the configuration of its domain registration records. The company immediately froze all user funds, which remained inaccessible for about 24 hours, and launched an investigation into the matter, but eventually found that the hackers did not gain access to emails, passwords or personal data.

What’s also unclear is how these hackers tricked GoDaddy employees into transferring domain ownership in the first place. In a statement to Engadget, a spokesperson for the company confirmed that a “limited number” of employees fell for “social engineering” attacks that allowed hackers to manipulate accounts and domains without authorization, but did not give details.

Social engineering refers to attacks in which hackers use their social skills to harvest information from an organization or its networks, according to the Cybersecurity and Infrastructure Security Agency. Phishing, an attack in which hackers use malicious emails or websites that appear to come from credible organizations to steal information, falls into this category.

The spokesperson said GoDaddy responded by locking down accounts, rolling back changes made by hackers and working with victims to help them regain access.

It’s seriously embarrassing that GoDaddy employees fell victim to the same type of voice phishing tactic that caused another data breach in March. That campaign compromised several domains, including the transaction brokerage site Escrow.com, and GoDaddy later admitted that one of its employees had fallen victim to “a phishing or social engineering attack”.

As Krebs points out, hackers have increasingly relied on voice phishing, or “vishing”, to attack businesses in recent months. This is when attackers use one-on-one phone calls, often claiming to be tech support for a target’s employer, to try to direct targets to phishing sites in order to collect account credentials and other sensitive company information.

Although we don’t know exactly how the hackers duped GoDaddy staff, this incident is a reminder that humans are not perfect. On the other hand, this type of attack isn’t really new, so instead of chalking it up to human error, maybe companies should focus on strengthening both human and machine safety protocols to try to keep incidents like this from happening in the future.

[Krebs on Security]
